From 35e83d10f230616888cc4258ceddf06a612dde8a Mon Sep 17 00:00:00 2001 From: Christian Burger Date: Sat, 14 Jun 2014 20:19:41 +0100 Subject: [PATCH 1/4] input: fix jumpy mouse cursor with USB mouse emulation Guest mouse pointer was jumpy, when moving host mouse in the vertical direction (see bug #1327800). Signed-off-by: Christian Burger Signed-off-by: Gerd Hoffmann --- hw/input/hid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/input/hid.c b/hw/input/hid.c index 9656e90c59..148c003bb2 100644 --- a/hw/input/hid.c +++ b/hw/input/hid.c @@ -124,7 +124,7 @@ static void hid_pointer_event(DeviceState *dev, QemuConsole *src, if (evt->rel->axis == INPUT_AXIS_X) { e->xdx += evt->rel->value; } else if (evt->rel->axis == INPUT_AXIS_Y) { - e->ydy -= evt->rel->value; + e->ydy += evt->rel->value; } break; @@ -191,7 +191,7 @@ static void hid_pointer_sync(DeviceState *dev) if (hs->kind == HID_MOUSE) { prev->xdx += curr->xdx; curr->xdx = 0; - prev->ydy -= curr->ydy; + prev->ydy += curr->ydy; curr->ydy = 0; } else { prev->xdx = curr->xdx; From c340a284f382a5f40774521f41b4bade76ddfa58 Mon Sep 17 00:00:00 2001 From: Hani Benhabiles Date: Wed, 18 Jun 2014 00:23:34 +0100 Subject: [PATCH 2/4] usb: Fix usb-bt-dongle initialization. Due to an incomplete initialization, adding a usb-bt-dongle device through HMP or QMP will cause a segmentation fault. Signed-off-by: Hani Benhabiles Reviewed-by: Paolo Bonzini Signed-off-by: Gerd Hoffmann --- hw/usb/dev-bluetooth.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c index a9661d2801..a76e58191e 100644 --- a/hw/usb/dev-bluetooth.c +++ b/hw/usb/dev-bluetooth.c @@ -19,6 +19,7 @@ */ #include "qemu-common.h" +#include "qemu/error-report.h" #include "hw/usb.h" #include "hw/usb/desc.h" #include "sysemu/bt.h" 
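Review bot: The Y-axis sign convention for `ydy` in hw/input/hid.c is now implied by two separate `+=` sites, in hid_pointer_event and in the HID_MOUSE branch of hid_pointer_sync (the second hunk), and nothing states that they must agree. The removed lines negated in both places, so a merged queue entry subtracted one negated sum from another, which is consistent with the jumpiness described in the commit message. A short comment at the accumulation site would protect against a future one-sided edit, for example `/* ydy accumulates the raw relative Y delta; hid_pointer_sync() must merge with the same sign */`. The code that turns `ydy` into the guest-visible report is outside both hunks, so the final direction seen by the guest cannot be confirmed from this patch alone.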
@@ -506,6 +507,14 @@ static int usb_bt_initfn(USBDevice *dev) usb_desc_create_serial(dev); usb_desc_init(dev); + s->dev.opaque = s; + if (!s->hci) { + s->hci = bt_new_hci(qemu_find_bt_vlan(0)); + } + s->hci->opaque = s; + s->hci->evt_recv = usb_bt_out_hci_packet_event; + s->hci->acl_recv = usb_bt_out_hci_packet_acl; + usb_bt_handle_reset(&s->dev); s->intr = usb_ep_get(dev, USB_TOKEN_IN, USB_EVT_EP); return 0; @@ -516,6 +525,7 @@ static USBDevice *usb_bt_init(USBBus *bus, const char *cmdline) USBDevice *dev; struct USBBtState *s; HCIInfo *hci; + const char *name = "usb-bt-dongle"; if (*cmdline) { hci = hci_init(cmdline); @@ -525,19 +535,17 @@ static USBDevice *usb_bt_init(USBBus *bus, const char *cmdline) if (!hci) return NULL; - dev = usb_create_simple(bus, "usb-bt-dongle"); + dev = usb_create(bus, name); if (!dev) { + error_report("Failed to create USB device '%s'", name); return NULL; } s = DO_UPCAST(struct USBBtState, dev, dev); - s->dev.opaque = s; - s->hci = hci; - s->hci->opaque = s; - s->hci->evt_recv = usb_bt_out_hci_packet_event; - s->hci->acl_recv = usb_bt_out_hci_packet_acl; - - usb_bt_handle_reset(&s->dev); + if (qdev_init(&dev->qdev) < 0) { + error_report("Failed to initialize USB device '%s'", name); + return NULL; + } return dev; } From 3ce21445387c64032a21ae73c995195307a28a36 Mon Sep 17 00:00:00 2001 
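Review bot: In usb_bt_initfn the result of `bt_new_hci(qemu_find_bt_vlan(0))` is dereferenced on the very next statement (`s->hci->opaque = s;`) without a NULL check. Whether bt_new_hci can fail is not visible here, but usb_bt_init in the same file still guards its own result with `if (!hci) return NULL;`, so the two paths are inconsistent. If it can fail, a `device_add` from HMP or QMP would hit the same kind of segmentation fault this patch sets out to remove. Since the patch already includes qemu/error-report.h, the fallback could bail out cleanly: `if (!s->hci) { error_report("usb-bt-dongle: no HCI available"); return -1; }`. The function body starts outside the hunk, so any earlier handling of `s->hci` is not visible.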
From: Jincheng Miao Date: Fri, 20 Jun 2014 14:12:52 +0800 Subject: [PATCH 3/4] usb: initialize libusb_device to avoid crash If libusb_get_device_list() fails, the uninitialized local variable libusb_device would be passed to libusb_free_device_list(), that will cause a crash, like: (gdb) bt #0 0x00007fbbb4bafc10 in pthread_mutex_lock () from /lib64/libpthread.so.0 #1 0x00007fbbb233e653 in libusb_unref_device (dev=0x6275682d627375) at core.c:902 #2 0x00007fbbb233e739 in libusb_free_device_list (list=0x7fbbb6e8436e, unref_devices=) at core.c:653 #3 0x00007fbbb6cd80a4 in usb_host_auto_check (unused=unused@entry=0x0) at hw/usb/host-libusb.c:1446 #4 0x00007fbbb6cd8525 in usb_host_initfn (udev=0x7fbbbd3c5670) at hw/usb/host-libusb.c:912 #5 0x00007fbbb6cc123b in usb_device_init (dev=0x7fbbbd3c5670) at hw/usb/bus.c:106 ... So initialize libusb_device at the begin time. Signed-off-by: Jincheng Miao Reviewed-by: Gonglei Signed-off-by: Gerd Hoffmann --- hw/usb/host-libusb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c index 33b5b9ff19..c189147f91 100644 --- a/hw/usb/host-libusb.c +++ b/hw/usb/host-libusb.c @@ -1522,7 +1522,7 @@ static void usb_host_auto_check(void *unused) { struct USBHostDevice *s; struct USBAutoFilter *f; - libusb_device **devs; + libusb_device **devs = NULL; struct libusb_device_descriptor ddesc; int unconnected = 0; int i, n; @@ -1623,7 +1623,7 @@ static void usb_host_auto_check(void *unused) void usb_host_info(Monitor *mon, const QDict *qdict) { - libusb_device **devs; + libusb_device **devs = NULL; struct libusb_device_descriptor ddesc; char port[16]; int i, n; From c1129f6bffb6fc756f53c06bc554a7997b1f4be4 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 23 Jun 2014 12:30:36 +0200 Subject: [PATCH 4/4] ccid-card-emulated: use EventNotifier Shut up Coverity's complaint about unchecked fcntl return values, and especially make the code simpler and more efficient. 
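Review bot: The `devs = NULL` initialisers in usb_host_auto_check, and in usb_host_info in the second hunk, only make the failure path safe; the reason is not recorded next to the declarations. Per the commit message, the call that fails is libusb_get_device_list() and the crash is in libusb_free_device_list(), so the fix depends on the latter treating a NULL list as a no-op. A comment would stop the initialiser being removed as redundant later: `/* must be NULL: freed unconditionally even if libusb_get_device_list() fails */`. Both call sites are outside the hunks, so it is worth confirming there that a negative return stored in `int n` skips the device loop rather than relying on the NULL alone.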
Signed-off-by: Paolo Bonzini Signed-off-by: Gerd Hoffmann --- hw/usb/ccid-card-emulated.c | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c index 7213c8909c..aa1c37aabd 100644 --- a/hw/usb/ccid-card-emulated.c +++ b/hw/usb/ccid-card-emulated.c @@ -126,7 +126,7 @@ struct EmulatedState { QemuMutex vreader_mutex; /* and guest_apdu_list mutex */ QemuMutex handle_apdu_mutex; QemuCond handle_apdu_cond; - int pipe[2]; + EventNotifier notifier; int quit_apdu_thread; QemuThread apdu_thread_id; }; @@ -162,9 +162,7 @@ static void emulated_push_event(EmulatedState *card, EmulEvent *event) qemu_mutex_lock(&card->event_list_mutex); QSIMPLEQ_INSERT_TAIL(&(card->event_list), event, entry); qemu_mutex_unlock(&card->event_list_mutex); - if (write(card->pipe[1], card, 1) != 1) { - DPRINTF(card, 1, "write to pipe failed\n"); - } + event_notifier_set(&card->notifier); } static void emulated_push_type(EmulatedState *card, uint32_t type) @@ -358,16 +356,12 @@ static void *event_thread(void *arg) return NULL; } -static void pipe_read(void *opaque) +static void card_event_handler(EventNotifier *notifier) { - EmulatedState *card = opaque; + EmulatedState *card = container_of(notifier, EmulatedState, notifier); EmulEvent *event, *next; - char dummy; - int len; - do { - len = read(card->pipe[0], &dummy, sizeof(dummy)); - } while (len == sizeof(dummy)); + event_notifier_test_and_clear(&card->notifier); qemu_mutex_lock(&card->event_list_mutex); QSIMPLEQ_FOREACH_SAFE(event, &card->event_list, entry, next) { DPRINTF(card, 2, "event %s\n", emul_event_to_string(event->p.gen.type)); 
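Review bot: card_event_handler depends on calling `event_notifier_test_and_clear()` before it takes `event_list_mutex` and drains the list, and that ordering is not documented. emulated_push_event appends under the mutex and only then calls `event_notifier_set()`, so an event queued after the clear re-arms the notifier and is handled on the next run. If the clear were moved after the drain, such an event could sit on the list with no wakeup pending. A one-line comment above the call would preserve this: `/* clear first: events pushed from here on re-arm the notifier, so none are lost */`. The handler body continues outside this hunk.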
@@ -404,16 +398,13 @@ static void pipe_read(void *opaque) qemu_mutex_unlock(&card->event_list_mutex); } -static int init_pipe_signaling(EmulatedState *card) +static int init_event_notifier(EmulatedState *card) { - if (pipe(card->pipe) < 0) { - DPRINTF(card, 2, "pipe creation failed\n"); + if (event_notifier_init(&card->notifier, false) < 0) { + DPRINTF(card, 2, "event notifier creation failed\n"); return -1; } - fcntl(card->pipe[0], F_SETFL, O_NONBLOCK); - fcntl(card->pipe[1], F_SETFL, O_NONBLOCK); - fcntl(card->pipe[0], F_SETOWN, getpid()); - qemu_set_fd_handler(card->pipe[0], pipe_read, NULL, card); + event_notifier_set_handler(&card->notifier, card_event_handler); return 0; } @@ -500,7 +491,7 @@ static int emulated_initfn(CCIDCardState *base) qemu_cond_init(&card->handle_apdu_cond); card->reader = NULL; card->quit_apdu_thread = 0; - if (init_pipe_signaling(card) < 0) { + if (init_event_notifier(card) < 0) { return -1; }
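Review bot: init_event_notifier registers card_event_handler on `card->notifier`, but no hunk in this patch adds the matching teardown. The device's exit path is not shown; if it does not call `event_notifier_set_handler(&card->notifier, NULL);` followed by `event_notifier_cleanup(&card->notifier);`, the notifier's descriptor is leaked. The handler would also stay registered, and because it recovers `card` through `container_of`, it would touch freed memory if it fired after the card state is released on unplug. The removed pipe code shows no teardown in this diff either, so this may be an existing gap, but the conversion is a natural place to close it.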